15.4 Setting Auditing Flags for the Drivers

This section outlines the recommended auditing settings for the Managed System Gateway Driver and the Data Collection Service Driver.

15.4.1 Setting Audit Flags in Identity Manager

NetIQ recommends that you set auditing flags in Identity Manager for the drivers. These flags are for Novell Auditing (not XDAS).

To set the flags in iManager, go to Driver Set Properties > Log Level > Log specific events.

Category

Recommended Flags

Metadirectory Engine Events

  • Metadirectory Engine Warnings

Status Events

  • Success

    NOTE:The Correlated Resource Assignment Events per User report requires the Success flag. If you want to be able to run this report or customized versions of it, then you need to enable the Success flag.

  • Error

  • Fatal

Operation Events

  • Modify

  • Add Association

  • Check Password

  • Add Value

  • Add

  • Rename

  • Remove Association

  • Check Object Password

  • Clear Attribute

  • Remove Value

  • Get Named Password

  • Remove

  • Move

  • Change Password

  • Add Value (on modify)

  • Reset Attributes

Transformation Events

  • Password Reset

  • User Agent Request

  • Password Sync

Credential Provisioning Events

  • Set SSO Credentials

  • Clear SSO Credentials

  • Set SSO Passphrase

15.4.2 Setting Audit Flags in eDirectory

NetIQ recommends that you set auditing flags in eDirectory for the drivers. These flags are for Novell Auditing (not XDAS).

To set the flags in iManager, go to eDirectory Auditing > Audit Configuration > Novell Auditing.

Category

Recommended Flags

Global

  • Do Not Send Replicated Events

Meta

  • (Select all flags)

Objects

  • Add Property

  • Allow Login

  • Change Password

  • Change Security Equals

  • Create

  • Delete

  • Delete Property

  • Login

  • Logout

  • Modify RDN

  • Move (Source)

  • Move (Destination)

  • Remove

  • Rename

  • Restore

  • Search

  • Verify Password

Attributes

  • (Select all flags)

Agent

  • DS Reloaded

  • Local Agent Opened

  • Local Agent Closed

  • NLM Loaded

Miscellaneous

  • Generate CA Keys

  • Recertified Public Key

LDAP

  • LDAP Bind

  • LDAP Bind Response

  • LDAP Modify

  • LDAP Modify Response

  • LDAP Password Modify

  • LDAP Unbind

  • LDAP Delete

  • LDAP Delete Response

  • LDAP Modify DN

  • LDAP Modify DN Response

  • LDAP Search

  • LDAP Search Response

  • LDAP Add

  • LDAP Add Response